CVE-2009-3252

Dave Robinson Rockbandcms - SQL Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3252. PoCs published by Affix.

AI-analyzed exploit summary: The exploit demonstrates SQL injection vulnerabilities in Rock Band CMS by injecting UNION-based SQL queries into the 'year' and 'id' parameters of the news.php page. It allows an attacker to access or modify data in the underlying database.

Description

Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Affix · text · webapps · php
https://www.exploit-db.com/exploits/34455

The exploit demonstrates SQL injection vulnerabilities in Rock Band CMS by injecting UNION-based SQL queries into the 'year' and 'id' parameters of the news.php page. It allows an attacker to access or modify data in the underlying database.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Rock Band CMS
No auth needed
Prerequisites: Access to the vulnerable news.php page
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Affix · text · webapps · php
https://www.exploit-db.com/exploits/9553

This is a writeup detailing SQL injection vulnerabilities in BandCMS v0.10's news.php file. It provides exploit examples and suggests patches but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: BandCMS v0.10
No auth needed
Prerequisites: target running BandCMS v0.10 with exposed news.php
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52940
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9553
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2494
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36517

Scores

EPSS: 0.0102
EPSS Percentile: 58.9%

Details

CWE: CWE-89
Status: published
Products (1): dave_robinson/rockbandcms 0.10
Published: Sep 18, 2009
Tracked Since: Feb 18, 2026